.fmf/version

@@ -1 +0,0 @@
-1

.gitignore

@@ -1,68 +1 @@
-lxml-2.2.7.tar.gz
-lxml-2.2.7.tar.gz.asc
-/lxml-2.2.8.tar.gz
-/lxml-2.2.8.tar.gz.asc
-/lxml-2.3.tar.gz
-/lxml-2.3.tar.gz.asc
-/lxml-2.3.1.tar.gz
-/lxml-2.3.1.tar.gz.asc
-/lxml-2.3.2.tar.gz
-/lxml-2.3.2.tar.gz.asc
-/lxml-2.3.3.tar.gz
-/lxml-2.3.3.tar.gz.asc
-/lxml-2.3.5.tar.gz
-/lxml-2.3.5.tar.gz.asc
-/lxml-3.0.tar.gz
-/lxml-3.0.tar.gz.asc
-/lxml-3.0.tgz
-/lxml-3.0.tgz.asc
-/lxml-3.0.1.tgz
-/lxml-3.0.1.tgz.asc
-/lxml-3.1.0.tgz
-/lxml-3.1.0.tgz.asc
-/lxml-3.2.0.tgz
-/lxml-3.2.0.tgz.asc
-/lxml-3.2.1.tgz
-/lxml-3.2.1.tgz.asc
-/lxml-3.2.3.tgz
-/lxml-3.2.3.tgz.asc
-/lxml-3.2.4.tgz
-/lxml-3.2.4.tgz.asc
-/lxml-3.3.0.tgz
-/lxml-3.3.0.tgz.asc
-/lxml-3.3.2.tgz
-/lxml-3.3.2.tgz.asc
-/lxml-3.3.3.tgz
-/lxml-3.3.3.tgz.asc
-/lxml-3.3.5.tgz
-/lxml-3.3.5.tgz.asc
-/lxml-3.3.6.tgz
-/lxml-3.3.6.tgz.asc
-/lxml-3.4.4.tgz
-/lxml-3.4.4.tgz.asc
-/lxml-3.6.4.tar.gz
-/lxml-3.7.0.tar.gz
-/lxml-3.7.1.tgz
-/lxml-3.7.2.tgz
-/lxml-3.8.0.tgz
-/lxml-4.0.0.tgz
-/lxml-4.1.1.tgz
-/lxml-4.2.1.tgz
-/lxml-4.2.3.tgz
-/lxml-4.2.4.tgz
-/lxml-4.2.5.tgz
-/lxml-4.4.0.tgz
-/lxml-4.4.1.tgz
-/lxml-4.5.1.tgz
-/lxml-4.6.2.tar.gz
-/lxml-4.6.3.tar.gz
-/lxml-4.7.1.tar.gz
-/lxml-4.9.1.tar.gz
-/lxml-4.9.2.tar.gz
-/lxml-4.9.2-no-isoschematron.tar.gz
-/lxml-4.9.2-no-isoschematron-rng.tar.gz
-/lxml-4.9.3-no-isoschematron-rng.tar.gz
-/lxml-4.9.4-no-isoschematron-rng.tar.gz
-/lxml-5.1.0-no-isoschematron-rng.tar.gz
-/lxml-5.2.0-no-isoschematron-rng.tar.gz
-/lxml-5.2.1-no-isoschematron-rng.tar.gz
+SOURCES/lxml-4.2.3.tgz

.python-lxml.metadata

@@ -0,0 +1 @@
+536c9ced5d03e8d871ebf21748ed36a2f7ddf668 SOURCES/lxml-4.2.3.tgz

417.patch

@@ -1,40 +0,0 @@
-From f5f64df808b35969794ba3ea8c19079276aa0cb0 Mon Sep 17 00:00:00 2001
-From: Lumir Balhar <lbalhar@redhat.com>
-Date: Thu, 4 Apr 2024 11:11:38 +0200
-Subject: [PATCH] Skip test_feedparser_data if lxml_html_clean is not available
-
-This is useful mostly for distributors shipping lxml without
-lxml_html_clean.
----
- src/lxml/html/tests/test_feedparser_data.py | 11 ++++++++++-
- 1 file changed, 10 insertions(+), 1 deletion(-)
-
-diff --git a/src/lxml/html/tests/test_feedparser_data.py b/src/lxml/html/tests/test_feedparser_data.py
-index 36fba1acb..264c0d4b5 100644
---- a/src/lxml/html/tests/test_feedparser_data.py
-+++ b/src/lxml/html/tests/test_feedparser_data.py
-@@ -9,7 +9,11 @@
- from lxml.tests.common_imports import doctest
- from lxml.doctestcompare import LHTMLOutputChecker
- 
--from lxml.html.clean import clean, Cleaner
-+try:
-+    from lxml.html.clean import clean, Cleaner
-+    html_clean_available = True
-+except ImportError:
-+    html_clean_available = False
- 
- feed_dirs = [
-     os.path.join(os.path.dirname(__file__), 'feedparser-data'),
-@@ -80,6 +84,11 @@ def shortDescription(self):
- 
- def test_suite():
-     suite = unittest.TestSuite()
-+
-+    if not html_clean_available:
-+        print("Skipping tests in feedparser_data - external lxml_html_clean package is not installed")
-+        return suite
-+
-     for dir in feed_dirs:
-         for fn in os.listdir(dir):
-             fn = os.path.join(dir, fn)

SOURCES/CVE-2020-27783.patch

@@ -0,0 +1,121 @@
+diff --git a/src/lxml/html/clean.py b/src/lxml/html/clean.py
+index adc3f45..6f3f7de 100644
+--- a/src/lxml/html/clean.py
++++ b/src/lxml/html/clean.py
+@@ -61,12 +61,15 @@ __all__ = ['clean_html', 'clean', 'Cleaner', 'autolink', 'autolink_html',
+ 
+ # This is an IE-specific construct you can have in a stylesheet to
+ # run some Javascript:
+-_css_javascript_re = re.compile(
+-    r'expression\s*\(.*?\)', re.S|re.I)
++_replace_css_javascript = re.compile(
++    r'expression\s*\(.*?\)', re.S|re.I).sub
+ 
+ # Do I have to worry about @\nimport?
+-_css_import_re = re.compile(
+-    r'@\s*import', re.I)
++_replace_css_import = re.compile(
++    r'@\s*import', re.I).sub
++
++_looks_like_tag_content = re.compile(
++    r'</?[a-zA-Z]+|\son[a-zA-Z]+\s*=', re.ASCII).search
+ 
+ # All kinds of schemes besides just javascript: that can cause
+ # execution:
+@@ -292,8 +295,8 @@ class Cleaner(object):
+             if not self.inline_style:
+                 for el in _find_styled_elements(doc):
+                     old = el.get('style')
+-                    new = _css_javascript_re.sub('', old)
+-                    new = _css_import_re.sub('', new)
++                    new = _replace_css_javascript('', old)
++                    new = _replace_css_import('', new)
+                     if self._has_sneaky_javascript(new):
+                         # Something tricky is going on...
+                         del el.attrib['style']
+@@ -305,9 +308,9 @@ class Cleaner(object):
+                         el.drop_tree()
+                         continue
+                     old = el.text or ''
+-                    new = _css_javascript_re.sub('', old)
++                    new = _replace_css_javascript('', old)
+                     # The imported CSS can do anything; we just can't allow:
+-                    new = _css_import_re.sub('', old)
++                    new = _replace_css_import('', new)
+                     if self._has_sneaky_javascript(new):
+                         # Something tricky is going on...
+                         el.text = '/* deleted */'
+@@ -509,6 +512,12 @@ class Cleaner(object):
+             return True
+         if 'expression(' in style:
+             return True
++        if '</noscript' in style:
++            # e.g. '<noscript><style><a title="</noscript><img src=x onerror=alert(1)>">'
++            return True
++        if _looks_like_tag_content(style):
++            # e.g. '<math><style><img src=x onerror=alert(1)></style></math>'
++            return True
+         return False
+ 
+     def clean_html(self, html):
+diff --git a/src/lxml/html/tests/test_clean.py b/src/lxml/html/tests/test_clean.py
+index 3bcaaf5..451eec2 100644
+--- a/src/lxml/html/tests/test_clean.py
++++ b/src/lxml/html/tests/test_clean.py
+@@ -69,6 +69,26 @@ class CleanerTest(unittest.TestCase):
+         s = lxml.html.fromstring('<invalid tag>child</another>')
+         self.assertEqual('child', clean_html(s).text_content())
+ 
++    def test_sneaky_noscript_in_style(self):
++        # This gets parsed as <noscript> -> <style>"...</noscript>..."</style>
++        # thus passing the </noscript> through into the output.
++        html = '<noscript><style><a title="</noscript><img src=x onerror=alert(1)>">'
++        s = lxml.html.fragment_fromstring(html)
++
++        self.assertEqual(
++            b'<noscript><style>/* deleted */</style></noscript>',
++            lxml.html.tostring(clean_html(s)))
++
++    def test_sneaky_js_in_math_style(self):
++        # This gets parsed as <math> -> <style>"..."</style>
++        # thus passing any tag/script/whatever content through into the output.
++        html = '<math><style><img src=x onerror=alert(1)></style></math>'
++        s = lxml.html.fragment_fromstring(html)
++
++        self.assertEqual(
++            b'<math><style>/* deleted */</style></math>',
++            lxml.html.tostring(clean_html(s)))
++
+ 
+ def test_suite():
+     suite = unittest.TestSuite()
+diff --git a/src/lxml/html/tests/test_clean.txt b/src/lxml/html/tests/test_clean.txt
+index c78ab4f..c901871 100644
+--- a/src/lxml/html/tests/test_clean.txt
++++ b/src/lxml/html/tests/test_clean.txt
+@@ -104,7 +104,11 @@
+ >>> print(Cleaner(page_structure=False, safe_attrs_only=False).clean_html(doc))
+ <html>
+   <head>
+-    <style>/* deleted */</style>
++    <style>
++      body {background-image: url()};
++      div {background-image: url()};
++      div {color: };
++    </style>
+   </head>
+   <body>
+     <a href="">a link</a>
+@@ -168,7 +172,11 @@
+     <link rel="alternate" type="text/rss" src="evil-rss">
+     <link rel="alternate" type="text/rss" href="http://example.com">
+     <link rel="stylesheet" type="text/rss" href="http://example.com">
+-    <style>/* deleted */</style>
++    <style>
++      body {background-image: url()};
++      div {background-image: url()};
++      div {color: };
++    </style>
+   </head>
+   <body>
+     <a href="">a link</a>

SOURCES/CVE-2021-28957.patch

@@ -0,0 +1,39 @@
+diff --git a/src/lxml/html/defs.py b/src/lxml/html/defs.py
+index caf6b21..ea3c016 100644
+--- a/src/lxml/html/defs.py
++++ b/src/lxml/html/defs.py
+@@ -21,6 +21,8 @@ link_attrs = frozenset([
+     'usemap',
+     # Not standard:
+     'dynsrc', 'lowsrc',
++    # HTML5 formaction
++    'formaction'
+     ])
+ 
+ # Not in the HTML 4 spec:
+diff --git a/src/lxml/html/tests/test_clean.py b/src/lxml/html/tests/test_clean.py
+index 451eec2..e40cdad 100644
+--- a/src/lxml/html/tests/test_clean.py
++++ b/src/lxml/html/tests/test_clean.py
+@@ -89,6 +89,21 @@ class CleanerTest(unittest.TestCase):
+             b'<math><style>/* deleted */</style></math>',
+             lxml.html.tostring(clean_html(s)))
+ 
++    def test_formaction_attribute_in_button_input(self):
++        # The formaction attribute overrides the form's action and should be
++        # treated as a malicious link attribute
++        html = ('<form id="test"><input type="submit" formaction="javascript:alert(1)"></form>'
++        '<button form="test" formaction="javascript:alert(1)">X</button>')
++        expected = ('<div><form id="test"><input type="submit" formaction=""></form>'
++        '<button form="test" formaction="">X</button></div>')
++        cleaner = Cleaner(
++            forms=False,
++            safe_attrs_only=False,
++        )
++        self.assertEqual(
++            expected,
++            cleaner.clean_html(html))
++
+ 
+ def test_suite():
+     suite = unittest.TestSuite()

SOURCES/CVE-2021-43818.patch

@@ -0,0 +1,127 @@
+diff --git a/src/lxml/html/clean.py b/src/lxml/html/clean.py
+index 6f3f7de..da5af16 100644
+--- a/src/lxml/html/clean.py
++++ b/src/lxml/html/clean.py
+@@ -73,18 +73,25 @@ _looks_like_tag_content = re.compile(
+ 
+ # All kinds of schemes besides just javascript: that can cause
+ # execution:
+-_is_image_dataurl = re.compile(
+-    r'^data:image/.+;base64', re.I).search
++_find_image_dataurls = re.compile(
++    r'^data:image/(.+);base64,', re.I).findall
+ _is_possibly_malicious_scheme = re.compile(
+-    r'(?:javascript|jscript|livescript|vbscript|data|about|mocha):',
+-    re.I).search
++    r'(javascript|jscript|livescript|vbscript|data|about|mocha):',
++    re.I).findall
++# SVG images can contain script content
++_is_unsafe_image_type = re.compile(r"(xml|svg)", re.I).findall
++
+ def _is_javascript_scheme(s):
+-    if _is_image_dataurl(s):
+-        return None
+-    return _is_possibly_malicious_scheme(s)
++    is_image_url = False
++    for image_type in _find_image_dataurls(s):
++        is_image_url = True
++        if _is_unsafe_image_type(image_type):
++            return True
++    if is_image_url:
++        return False
++    return bool(_is_possibly_malicious_scheme(s))
+ 
+ _substitute_whitespace = re.compile(r'[\s\x00-\x08\x0B\x0C\x0E-\x19]+').sub
+-# FIXME: should data: be blocked?
+ 
+ # FIXME: check against: http://msdn2.microsoft.com/en-us/library/ms537512.aspx
+ _conditional_comment_re = re.compile(
+@@ -512,6 +519,8 @@ class Cleaner(object):
+             return True
+         if 'expression(' in style:
+             return True
++        if '@import' in style:
++            return True
+         if '</noscript' in style:
+             # e.g. '<noscript><style><a title="</noscript><img src=x onerror=alert(1)>">'
+             return True
+diff --git a/src/lxml/html/tests/test_clean.py b/src/lxml/html/tests/test_clean.py
+index e40cdad..ad9a598 100644
+--- a/src/lxml/html/tests/test_clean.py
++++ b/src/lxml/html/tests/test_clean.py
+@@ -1,3 +1,5 @@
++import base64
++import gzip
+ import unittest, sys
+ from lxml.tests.common_imports import make_doctest
+ from lxml.etree import LIBXML_VERSION
+@@ -89,6 +91,69 @@ class CleanerTest(unittest.TestCase):
+             b'<math><style>/* deleted */</style></math>',
+             lxml.html.tostring(clean_html(s)))
+ 
++    def test_sneaky_import_in_style(self):
++        # Prevent "@@importimport" -> "@import" replacement.
++        style_codes = [
++            "@@importimport(extstyle.css)",
++            "@ @  import import(extstyle.css)",
++            "@ @ importimport(extstyle.css)",
++            "@@  import import(extstyle.css)",
++            "@ @import import(extstyle.css)",
++            "@@importimport()",
++        ]
++        for style_code in style_codes:
++            html = '<style>%s</style>' % style_code
++            s = lxml.html.fragment_fromstring(html)
++
++            cleaned = lxml.html.tostring(clean_html(s))
++            self.assertEqual(
++                b'<style>/* deleted */</style>',
++                cleaned,
++                "%s  ->  %s" % (style_code, cleaned))
++
++    def test_svg_data_links(self):
++        # Remove SVG images with potentially insecure content.
++        svg = b'<svg onload="alert(123)" />'
++        svgz = gzip.compress(svg)
++        svg_b64 = base64.b64encode(svg).decode('ASCII')
++        svgz_b64 = base64.b64encode(svgz).decode('ASCII')
++        urls = [
++            "data:image/svg+xml;base64," + svg_b64,
++            "data:image/svg+xml-compressed;base64," + svgz_b64,
++        ]
++        for url in urls:
++            html = '<img src="%s">' % url
++            s = lxml.html.fragment_fromstring(html)
++
++            cleaned = lxml.html.tostring(clean_html(s))
++            self.assertEqual(
++                b'<img src="">',
++                cleaned,
++                "%s  ->  %s" % (url, cleaned))
++
++    def test_image_data_links(self):
++        data = b'123'
++        data_b64 = base64.b64encode(data).decode('ASCII')
++        urls = [
++            "data:image/jpeg;base64," + data_b64,
++            "data:image/apng;base64," + data_b64,
++            "data:image/png;base64," + data_b64,
++            "data:image/gif;base64," + data_b64,
++            "data:image/webp;base64," + data_b64,
++            "data:image/bmp;base64," + data_b64,
++            "data:image/tiff;base64," + data_b64,
++            "data:image/x-icon;base64," + data_b64,
++        ]
++        for url in urls:
++            html = '<img src="%s">' % url
++            s = lxml.html.fragment_fromstring(html)
++
++            cleaned = lxml.html.tostring(clean_html(s))
++            self.assertEqual(
++                html.encode("UTF-8"),
++                cleaned,
++                "%s  ->  %s" % (url, cleaned))
++
+     def test_formaction_attribute_in_button_input(self):
+         # The formaction attribute overrides the form's action and should be
+         # treated as a malicious link attribute

SOURCES/fix-threading-tests.patch

@@ -0,0 +1,26 @@
+diff --git a/src/lxml/tests/test_threading.py b/src/lxml/tests/test_threading.py
+index 8948c3e..5ede3f8 100644
+--- a/src/lxml/tests/test_threading.py
++++ b/src/lxml/tests/test_threading.py
+@@ -130,7 +130,7 @@ class ThreadingTestCase(HelperTestCase):
+     <xsl:template match="tag" />
+     <!-- extend time for parsing + transform -->
+ ''' + '\n'.join('<xsl:template match="tag%x" />' % i for i in range(200)) + '''
+-    <xsl:foo />
++    <xsl:UnExpectedElement />
+ </xsl:stylesheet>''')
+         self.assertRaises(etree.XSLTParseError,
+                           etree.XSLT, style)
+@@ -153,9 +153,10 @@ class ThreadingTestCase(HelperTestCase):
+             self.assertTrue(len(log))
+             if last_log is not None:
+                 self.assertEqual(len(last_log), len(log))
+-            self.assertEqual(4, len(log))
++            self.assertTrue(len(log) >= 2, len(log))
+             for error in log:
+-                self.assertTrue(':ERROR:XSLT:' in str(error))
++                self.assertTrue(':ERROR:XSLT:' in str(error), str(error))
++            self.assertTrue(any('UnExpectedElement' in str(error) for error in log), log)
+             last_log = log
+ 
+     def test_thread_xslt_apply_error_log(self):

SPECS/python-lxml.spec

@@ -1,160 +1,105 @@
-* Mon Jan 22 2024 Fedora Release Engineering <releng@fedoraproject.org> - 5.1.0-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
+%global modname lxml
 
-* Mon Jan 08 2024 Lumír Balhar <lbalhar@redhat.com> - 5.1.0-1
-- Update to 5.1.0 (rhbz#2256232)
+Name:           python-%{modname}
+Version:        4.2.3
+Release:        4%{?dist}
+Summary:        XML processing library combining libxml2/libxslt with the ElementTree API
 
-* Wed Dec 20 2023 Lumír Balhar <lbalhar@redhat.com> - 4.9.4-1
-- Update to 4.9.4 (rhbz#2255267)
+License:        BSD
+URL:            http://lxml.de
+Source0:        http://lxml.de/files/%{modname}-%{version}.tgz
 
-* Sun Nov 26 2023 David King <amigadave@amigadave.com> - 4.9.3-4
-- Fix building against libxml2 2.12.0
-- Resolves: rhbz#2250838
+# Fix for CVE-2020-27783: mXSS due to the use of improper parser
+# Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1901633
+# Two upstream commits combined:
+#   Version 4.6.1: https://github.com/lxml/lxml/commit/89e7aad6e7ff9ecd88678ff25f885988b184b26e
+#   Version 4.6.2: https://github.com/lxml/lxml/commit/a105ab8dc262ec6735977c25c13f0bdfcdec72a7
+Patch0:         CVE-2020-27783.patch
 
-* Mon Oct 30 2023 Miro Hrončok <mhroncok@redhat.com> - 4.9.3-3
-- Fix build with a future mock version
+# Fix for CVE-2021-28957: missing input sanitization
+# for formaction HTML5 attributes which may lead to XSS
+# Fixed upstream: https://github.com/lxml/lxml/commit/2d01a1ba8984e0483ce6619b972832377f208a0d
+Patch1: CVE-2021-28957.patch
 
-* Fri Jul 28 2023 Miro Hrončok <mhroncok@redhat.com> - 4.9.3-2
-- Fix build with Cython 3
+# Fix for CVE-2021-43818: HTML Cleaner allows crafted
+# and SVG embedded scripts to pass through
+# Fixed upstream:
+# https://github.com/lxml/lxml/commit/12fa9669007180a7bb87d990c375cf91ca5b664a
+# https://github.com/lxml/lxml/commit/f2330237440df7e8f39c3ad1b1aa8852be3b27c0
+Patch2: CVE-2021-43818.patch
 
-* Fri Jul 21 2023 Lumír Balhar <lbalhar@redhat.com> - 4.9.3-1
-- Update to 4.9.3 (rhbz#2219811)
+# Make test more resilient against changes in latest libxslt releases
+# Fixed upstream: https://github.com/lxml/lxml/commit/acef361ca80ff9afd828d91c98ea91c92f9d09af
+Patch3: fix-threading-tests.patch
 
-* Fri Jul 21 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.9.2-9
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+BuildRequires:  gcc
+BuildRequires:  libxml2-devel
+BuildRequires:  libxslt-devel
 
-* Fri Jul 14 2023 Miro Hrončok <mhroncok@redhat.com> - 4.9.2-8
-- Bring back the isoschematron submodule,
-  but without the validation of the schema file itself
+%global _description \
+lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It\
+provides safe and convenient access to these libraries using the ElementTree It\
+extends the ElementTree API significantly to offer support for XPath, RelaxNG,\
+XML Schema, XSLT, C14N and much more.To contact the project, go to the project\
+home page < or see our bug tracker at case you want to use the current ...
 
-* Fri Jun 16 2023 Python Maint <python-maint@redhat.com> - 4.9.2-7
-- Rebuilt for Python 3.12
+%description %{_description}
 
-* Tue Jun 13 2023 Python Maint <python-maint@redhat.com> - 4.9.2-6
-- Bootstrap for Python 3.12
+%package -n     python3-%{modname}
+Summary:        %{summary}
+BuildRequires:  python3-devel
+BuildRequires:  python3-setuptools
+BuildRequires:  python3-Cython
+Recommends:     python3-cssselect
+Recommends:     python3-html5lib
+Recommends:     python3-beautifulsoup4
+%{?python_provide:%python_provide python3-%{modname}}
 
-* Wed May 31 2023 Miro Hrončok <mhroncok@redhat.com> - 4.9.2-5
-- Remove the isoschematron submodule
+%description -n python3-%{modname} %{_description}
 
-* Tue May 30 2023 Yaakov Selkowitz <yselkowi@redhat.com> - 4.9.2-4
-- Disable extra subpackages in RHEL builds
+Python 3 version.
 
-* Mon May 29 2023 Tomáš Hrnčiar <thrnciar@redhat.com> - 4.9.2-3
-- Skip failing test to avoid FTBFS
+%prep
+%autosetup -n %{modname}-%{version} -p1
 
-* Fri Jan 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 4.9.2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+%build
+export WITH_CYTHON=true
+%py3_build
 
-* Wed Dec 14 2022 Lumír Balhar <lbalhar@redhat.com> - 4.9.2-1
-- Update to 4.9.2 (rhbz#2153063)
+%install
+%py3_install
 
-* Wed Sep 14 2022 Charalampos Stratakis <cstratak@redhat.com> - 4.9.1-1
-- Update to 4.9.1
-- Fix for CVE-2022-2309
-- Resolves: rhbz#2107571, rhbz#2110131
+%check
+# The tests assume inplace build, so we copy the built library to source-dir.
+# If not done that, Python can either import the tests or the extension modules, but not both.
+cp -a build/lib.%{python3_platform}-%{python3_version}/* src/
+# The options are: verbose, unit, functional
+%{python3} test.py -vuf
 
-* Wed Aug 31 2022 Miro Hrončok <mhroncok@redhat.com> - 4.7.1-6
-- Use SPDX license identifiers
-- The schematron files are not Zlib licensed, but MIT
-- Package the lxml[cssselect], lxml[html5] and lxml[htmlsoup] extras
+%files -n python3-%{modname}
+%license doc/licenses/ZopePublicLicense.txt LICENSES.txt
+%doc README.rst src/lxml/isoschematron/resources/xsl/iso-schematron-xslt1/readme.txt
+%{python3_sitearch}/%{modname}/
+%{python3_sitearch}/%{modname}-*.egg-info/
 
-* Fri Jul 22 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.7.1-5
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+%changelog
+* Thu Jan 06 2022 Charalampos Stratakis <cstratak@redhat.com> - 4.2.3-4
+- Security fix for CVE-2021-43818
+Resolves: rhbz#2032569
 
-* Wed Jun 22 2022 Charalampos Stratakis <cstratak@redhat.com> - 4.7.1-4
-- Fix FTBFS with setuptools >= 62.1
-- Resolves: rhbz#2097102
+* Wed Mar 24 2021 Charalampos Stratakis <cstratak@redhat.com> - 4.2.3-3
+- Security fix for CVE-2021-28957
+Resolves: rhbz#1941534
 
-* Mon Jun 13 2022 Python Maint <python-maint@redhat.com> - 4.7.1-3
-- Rebuilt for Python 3.11
+* Tue Dec 08 2020 Charalampos Stratakis <cstratak@redhat.com> - 4.2.3-2
+- Security fix for CVE-2020-27783: mXSS due to the use of improper parser
+Resolves: rhbz#1901633
 
-* Fri Jan 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 4.7.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+* Thu Aug 02 2018 Sebastian Kisela <skisela@redhat.com> - 4.2.3-1
+- New upstream release 4.2.3
 
-* Thu Jan 06 2022 Charalampos Stratakis <cstratak@redhat.com> - 4.7.1-1
-- Update to 4.7.1
-- Fixes CVE-2021-43818
-- Resolves: rhbz#2031686, rhbz#2032572
-
-* Fri Nov 26 2021 Miro Hrončok <mhroncok@redhat.com> - 4.6.3-5
-- Run the tests during build
-- Resolves: rhbz#2026941
-
-* Fri Jul 23 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.6.3-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Thu Jun 03 2021 Charalampos Stratakis <cstratak@redhat.com> - 4.6.3-3
-- Update the license information
-
-* Wed Jun 02 2021 Python Maint <python-maint@redhat.com> - 4.6.3-2
-- Rebuilt for Python 3.10
-
-* Thu May 20 2021 Charalampos Stratakis <cstratak@redhat.com> - 4.6.3-1
-- Update to 4.6.3
-- Fixes CVE-2021-28957
-- Fixes: rhbz#1941773
-- Fixes: rhbz#1941535
-
-* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 4.6.2-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Tue Dec 01 2020 Miro Hrončok <mhroncok@redhat.com> - 4.6.2-1
-- Update to 4.6.2
-- Fixes CVE-2020-27783 and another vulnerability in the HTML Cleaner
-- Fixes: rhbz#1855415
-- Fixes: rhbz#1901634
-
-* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.5.1-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
-
-* Mon Jun 01 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 4.5.1-1
-- Update to 4.5.1
-
-* Fri May 22 2020 Miro Hrončok <mhroncok@redhat.com> - 4.4.1-5
-- Rebuilt for Python 3.9
-
-* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.4.1-4
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
-
-* Wed Nov 20 2019 Miro Hrončok <mhroncok@redhat.com> - 4.4.1-3
-- Subpackage python2-lxml has been removed
-  See https://fedoraproject.org/wiki/Changes/Mass_Python_2_Package_Removal
-
-* Sat Sep 07 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.4.1-2
-- Generate C files using py3 Cython
-
-* Sat Sep 07 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.4.1-1
-- Update to 4.4.1
-
-* Fri Aug 16 2019 Miro Hrončok <mhroncok@redhat.com> - 4.4.0-2
-- Rebuilt for Python 3.8
-
-* Sat Aug 03 2019 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.4.0-1
-- Update to 4.4.0
-
-* Fri Jul 26 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.5-3
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
-
-* Sat Feb 02 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.5-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
-
-* Tue Dec 18 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.2.5-1
-- Update to 4.2.5
-
-* Sun Sep 02 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.2.4-1
-- Update to 4.2.4
-
-* Sat Jul 14 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.2.3-2
-- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
-
-* Sat Jul 07 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.2.3-1
-- Update to 4.2.3
-
-* Sun Jun 17 2018 Miro Hrončok <mhroncok@redhat.com> - 4.2.1-2
-- Rebuilt for Python 3.7
-
-* Wed Apr 25 2018 Igor Gnatenko <ignatenkobrain@fedoraproject.org> - 4.2.1-1
-- Update to 4.2.1
+* Sun Jul 22 2018 Charalampos Stratakis <cstratak@redhat.com> - 4.1.1-3
+- Conditionalize the python2 subpackage
 
 * Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.1-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

ci.fmf

@@ -1 +0,0 @@
-resultsdb-testcase: separate

gating.yaml

@@ -1,5 +0,0 @@
---- !Policy
-
-decision_context: osci_compose_gate
-rules:
-  - !PassingTestCaseRule {test_case_name: osci.brew-build./plans/smoke.functional}

get-lxml-source.sh

@@ -1,28 +0,0 @@
-#! /bin/bash -ex
-
-# Download a release of lxml (if missing) and remove the isoschematron module from it
-
-version=$1
-
-if [ -z "${version}" ]; then
-    echo "Usage: $0 VERSION" >& 2
-    echo "" >& 2
-    echo "example: $0 4.9.2" >& 2
-    exit 1
-fi
-
-versionedname=lxml-${version}
-orig_archive=${versionedname}.tar.gz
-new_archive=${versionedname}-no-isoschematron-rng.tar.gz
-
-if [ ! -e ${orig_archive} ]; then
-    wget -N https://files.pythonhosted.org/packages/source/l/lxml/${orig_archive}
-fi
-
-deleted_directory=lxml-${version}/src/lxml/isoschematron/resources/rng
-
-# tar --delete does not operate on compressed archives, so do
-# gz decompression explicitly
-gzip --decompress ${orig_archive}
-tar -v --delete -f ${orig_archive//.gz} ${deleted_directory}
-gzip -cf ${orig_archive//.gz} > ${new_archive}

plans/etree-fromstring.py

@@ -1,7 +0,0 @@
-import lxml.etree as et
-s = '<foo><bar baz="xyzzy">a<![CDATA[b]]>c</bar></foo>'
-x = et.fromstring(s)
-t = x.find('bar').text
-print(t)
-if t != 'abc':
-    raise Exception()

plans/smoke.fmf

@@ -1,12 +0,0 @@
-summary: Basic smoke test
-discover:
-  how: shell
-  tests:
-    - name: /smoke/import-python-module
-      test: |
-        python3 -c 'import importlib as il; print(il.import_module("lxml"))'
-    - name: /smoke/etree-fromstring
-      test: |
-        python3 plans/etree-fromstring.py
-execute:
-  how: tmt

python-lxml.spec

@@ -1,97 +0,0 @@
-Name:           python-lxml
-Version:        5.2.1
-Release:        %autorelease
-Summary:        XML processing library combining libxml2/libxslt with the ElementTree API
-
-# The lxml project is licensed under BSD-3-Clause
-# Some code is derived from ElementTree and cElementTree
-# thus using the MIT-CMU elementtree license
-# .xsl schematron files are under the MIT license
-License:        BSD-3-Clause AND MIT-CMU AND MIT
-URL:            https://github.com/lxml/lxml
-
-# We use the get-lxml-source.sh script to generate the tarball
-# without the isoschematron RNG validation file under a problematic license.
-# See: https://gitlab.com/fedora/legal/fedora-license-data/-/issues/154
-Source0:        lxml-%{version}-no-isoschematron-rng.tar.gz
-Source1:        get-lxml-source.sh
-
-# Skip some tests if lxml_html_clean is not available
-Patch:          https://github.com/lxml/lxml/pull/417.patch
-
-BuildRequires:  gcc
-BuildRequires:  libxml2-devel
-BuildRequires:  libxslt-devel
-BuildRequires:  python3-devel
-
-# Some of the extras create a build dependency loop.
-# - [cssselect] Requires cssselect BuildRequires lxml
-# - [html5] Requires html5lib BuildRequires lxml
-# - [htmlsoup] Requires beautifulsoup4 Requires lxml
-# - [html_clean] Requires lxml-html-clean Requires lxml
-# Hence we provide a bcond to disable the extras altogether.
-# By default, the extras are disabled in RHEL, to avoid dependencies.
-%bcond extras %{undefined rhel}
-
-%global _description \
-lxml is a Pythonic, mature binding for the libxml2 and libxslt libraries. It\
-provides safe and convenient access to these libraries using the ElementTree It\
-extends the ElementTree API significantly to offer support for XPath, RelaxNG,\
-XML Schema, XSLT, C14N and much more.
-
-%description %{_description}
-
-%package -n     python3-lxml
-Summary:        %{summary}
-%if %{with extras}
-Suggests:       python3-lxml+cssselect
-Suggests:       python3-lxml+html5
-Suggests:       python3-lxml+htmlsoup
-Suggests:       python3-lxml+html_clean
-%endif
-
-%description -n python3-lxml %{_description}
-
-Python 3 version.
-
-%if %{with extras}
-%pyproject_extras_subpkg -n python3-lxml cssselect html5 htmlsoup html_clean
-%endif
-
-%prep
-%autosetup -n lxml-%{version} -p1
-# Don't run html5lib tests --without extras
-%{!?without_extras:rm src/lxml/html/tests/test_html5parser.py}
-
-# Remove limit for version of Cython
-sed -i "s/Cython.*/Cython/" requirements.txt
-sed -i 's/"Cython.*",/"Cython",/' pyproject.toml
-
-%generate_buildrequires
-%pyproject_buildrequires -x source%{?with_extras:,cssselect,html5,htmlsoup,html_clean}
-
-%build
-# Remove pregenerated Cython C sources
-# We need to do this after %%pyproject_buildrequires because setup.py errors
-# without Cython and without the .c files.
-find -type f -name '*.c' -print -delete >&2
-export WITH_CYTHON=true
-%pyproject_wheel
-
-%install
-%pyproject_install
-%pyproject_save_files lxml
-
-%check
-# The tests assume inplace build, so we copy the built library to source-dir.
-# If not done that, Python can either import the tests or the extension modules, but not both.
-cp -a build/lib.%{python3_platform}-*/* src/
-# The options are: verbose, unit, functional
-%{python3} test.py -vuf
-
-%files -n python3-lxml -f %{pyproject_files}
-%license doc/licenses/BSD.txt doc/licenses/elementtree.txt
-%doc README.rst
-
-%changelog
-%autochangelog

sources

@@ -1 +0,0 @@
-SHA512 (lxml-5.2.1-no-isoschematron-rng.tar.gz) = 7bfd9caf7e45157726e16c7286bdcb1b4dfa24df000df96d6571d65f59760ea5747e364da788cee3116977810b870ab90e451b519701f5cc26f1111a2528c996